Nytro
Posted March 2, 2015

Intercepting functions from statically linked libraries

January 28, 2015
Ionut Popescu

A common technique for blackbox penetration testing of a binary application is intercepting function calls. This technique helps the pentester to properly understand how the application works and to manipulate application data.

The problem

In most cases, it is pretty easy to intercept a function call: the application calls a function from a shared library (DLL) and you just need to find its address in the DLL’s export address table and breakpoint on it.

But it may happen that your target function is from a statically linked library, which means that you cannot find its address by name in the export table. So how to find the target function’s address in this situation?

In our case, we have a Windows executable statically linked with OpenSSL and we want to intercept and modify the TLS encrypted traffic which is handled by the SSL_write function from OpenSSL.

However, the same idea can be applied to other operating systems and libraries.

Source: Intercepting functions from statically linked libraries – Security Café